Burp Suite MCP Server

Overview Schema Related Servers Score Discussions

check_burp_connectivity

Test connectivity to the Burp REST API and validate configuration settings to verify the server is accessible and ready for security operations.

Instructions

Test connectivity to the Burp REST API. Validates config and performs a simple request.

Input Schema

TableJSON Schema

Name	Required	Description	Default
No arguments

Output Schema

TableJSON Schema

Name	Required	Description	Default
`result`	Yes

Implementation Reference

main.py:280-298 (handler)

The main handler function for the check_burp_connectivity tool. Tests connectivity to Burp REST API by validating config and making a simple GET request to /knowledge_base/issue_definitions. Returns a success message if reachable or error message if not.

@mcp.tool("check_burp_connectivity")
async def check_burp_connectivity() -> str:
    """
    Test connectivity to the Burp REST API. Validates config and performs a simple request.
    """
    err = _validate_config()
    if err:
        return f"Configuration error: {err}"

    resp = await make_api_request("GET", "/knowledge_base/issue_definitions")
    if resp is not None:
        return (
            f"Burp API is reachable at {BURP_REST_API_BASE}. "
            "Configuration is valid and the API responded successfully."
        )
    return (
        f"Cannot reach Burp API at {BURP_REST_API_BASE}. "
        "Check that Burp is running, the REST API is enabled, and the API key is correct."
    )

main.py:43-80 (helper)

Helper function that makes HTTP requests to the Burp REST API. Handles authentication, URL construction, request execution, and error handling. Used by check_burp_connectivity to perform the actual API call.

async def make_api_request(
    method: str, request_path: str, payload: dict[str, Any] | None = None
) -> httpx.Response | None:
    """
    Make a request to the Burp REST API.
    Returns None on failure; logs the error for debugging.
    """
    err = _validate_config()
    if err:
        logger.warning(err)
        return None

    path = request_path.lstrip("/")
    if BURP_REST_API_KEY:
        url = f"{BURP_REST_API_BASE}/{BURP_REST_API_KEY}/{BURP_REST_API_VERSION}/{path}"
    else:
        url = f"{BURP_REST_API_BASE}/{BURP_REST_API_VERSION}/{path}"
    async with httpx.AsyncClient() as client:
        try:
            response = await client.request(
                method,
                url,
                json=payload,
                headers=DEFAULT_HEADERS,
                timeout=30,
            )
            response.raise_for_status()
            return response
        except httpx.HTTPStatusError as e:
            logger.warning(
                "Burp API HTTP error: %s %s",
                e.response.status_code,
                e.response.text[:200],
            )
            return None
        except httpx.RequestError as e:
            logger.warning("Burp API request failed: %s", e)
            return None

main.py:33-40 (helper)

Helper function that validates environment configuration (BURP_REST_API_BASE). Returns an error message if configuration is invalid, None if valid. Called at the start of check_burp_connectivity.

def _validate_config() -> str | None:
    """Validate env vars. Returns error message if invalid, None if ok."""
    if not BURP_REST_API_BASE:
        return (
            "Burp API not configured. Set BURP_REST_API_BASE in .env. "
            "See .env.example for reference."
        )
    return None

Tool Definition Quality

A4/5.0

Behavior3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. It adds useful context that the tool validates configuration and performs a simple request, but lacks details on error handling, idempotency, or what specific connectivity failures look like.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Two efficient sentences with zero waste. The first sentence establishes the core purpose (testing connectivity), and the second clarifies the mechanism (config validation and simple request), making it appropriately front-loaded for a no-argument utility function.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's simplicity (zero parameters) and the presence of an output schema, the description adequately covers what the tool does without needing to explain return values. A minor gap is the lack of error scenario documentation, but this is sufficient for a health check utility.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The tool has zero parameters, which per guidelines establishes a baseline of 4. The description does not need to compensate for missing parameter documentation since the schema is trivially complete at 100% coverage.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool tests connectivity to the Burp REST API and distinguishes itself from scanning-focused siblings (scan_urls_for_vulnerabilities, cancel_scan, etc.) by specifying it validates configuration and performs a simple request rather than actual security testing.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

While the description implies this is a diagnostic/health check tool, it lacks explicit guidance on when to use it (e.g., 'use before scanning operations' or 'call when troubleshooting connection issues') or sequencing relative to the other Burp suite tools.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/jayluxferro/burp-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server